{
 "cells": [
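  {
   "cell_type": "markdown",
   "id": "a7b2570a-bdf1-477a-8799-0aefe81a0e28",
   "metadata": {},
   "source": [
    "## Setup Feast\n",
    "Create a sample `rbac` project with local storage. The cell below first removes any existing `rbac` directory in the current working directory, so run the notebook from the example's own folder."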
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 1,
   "id": "74c1ee91-1816-4338-aabf-7851b655b061",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "\n",
      "Creating a new Feast repository in \u001b[1m\u001b[32m/Users/dmartino/projects/AI/feast/feast/examples/rbac-local/rbac\u001b[0m.\n",
      "\n"
     ]
    }
   ],
   "source": [
    "!rm -rf rbac\n",
    "!feast init rbac"
   ]
  },
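  {
   "cell_type": "markdown",
   "id": "e3215797-198a-49af-a241-7e0117634897",
   "metadata": {},
   "source": [
    "Update the `feature_store.yaml` with an `auth` section derived from the Keycloak setup file [.env](.env).\n",
    "\n",
    "Note that `cat .env` copies `CLIENT_SECRET` and `PASSWORD` into the saved cell output; clear the output before committing or sharing the notebook when these hold real credentials."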
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 2,
   "id": "a09d2198-9e3a-48f6-8c9d-72d62d20cd57",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "OIDC_SERVER_URL='http://0.0.0.0:9999'\n",
      "REALM='rbac_example'\n",
      "CLIENT_ID='app'\n",
      "CLIENT_SECRET='REDACTED'\n",
      "PASSWORD='password'\n"
     ]
    }
   ],
   "source": [
    "!cat .env"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "6cd89872-a6c6-4be0-a6e3-8fd60d448b7b",
   "metadata": {},
   "source": [
    "### Update the server YAML\n",
    "Update the server YAML to use OIDC authorization"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 3,
   "id": "e16d5a44-ab0c-4ca8-8491-e7d9073469f8",
   "metadata": {},
   "outputs": [],
   "source": [
    "from dotenv import load_dotenv\n",
    "import os\n",
    "import yaml\n",
    "\n",
    "def load_config_file(path):\n",
    "    load_dotenv()\n",
    "\n",
    "    with open(path, 'r') as file:\n",
    "        config = yaml.safe_load(file) or {}\n",
    "    return config"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 12,
   "id": "cd30523b-4e1c-4d56-9c72-84aacb46b29d",
   "metadata": {},
   "outputs": [],
   "source": [
    "def update_config_with_auth(config, is_client=False):\n",
    "    config['auth']={}\n",
    "    config['auth']['type']='oidc'\n",
    "    config['auth']['auth_discovery_url']=f\"{os.getenv('OIDC_SERVER_URL')}/realms/{os.getenv('REALM')}/.well-known/openid-configuration\"\n",
    "    config['auth']['client_id']=os.getenv('CLIENT_ID')\n",
    "    if is_client:\n",
    "        config['auth']['client_secret']=os.getenv('CLIENT_SECRET')\n",
    "        config['auth']['username']=''\n",
    "        config['auth']['password']='password'"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 13,
   "id": "1631a8c8-f635-4970-8653-06c147b1c128",
   "metadata": {},
   "outputs": [],
   "source": [
    "def update_config_file(path):\n",
    "    with open(path, 'w') as file:\n",
    "        yaml.safe_dump(config, file, default_flow_style=False)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 14,
   "id": "78898d46-1185-4528-8f08-b137dd49246a",
   "metadata": {},
   "outputs": [],
   "source": [
    "config = load_config_file('rbac/feature_repo/feature_store.yaml')\n",
    "update_config_with_auth(config)\n",
    "update_config_file('rbac/feature_repo/feature_store.yaml')"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 15,
   "id": "e2437286-2907-4818-87ad-a2293f21311e",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "auth:\n",
      "  auth_discovery_url: http://0.0.0.0:9999/realms/rbac_example/.well-known/openid-configuration\n",
      "  client_id: app\n",
      "  type: oidc\n",
      "entity_key_serialization_version: 2\n",
      "online_store:\n",
      "  path: data/online_store.db\n",
      "  type: sqlite\n",
      "project: rbac\n",
      "provider: local\n",
      "registry: data/registry.db\n"
     ]
    }
   ],
   "source": [
    "!cat rbac/feature_repo/feature_store.yaml"
   ]
  },
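  {
   "cell_type": "markdown",
   "id": "fa715453-8c41-4f57-8cf2-c96f6a211cde",
   "metadata": {},
   "source": [
    "### Update the client YAML\n",
    "Update the client YAML to use OIDC authorization.\n",
    "\n",
    "With `is_client=True`, `update_config_with_auth` also writes `client_secret` and a password into `client/feature_store.yaml` in plain text. The password is the literal `'password'` in the function rather than the `PASSWORD` value from `.env`, which is acceptable only for this local demo; keep the generated file out of version control."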
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 16,
   "id": "886a558a-1746-44fa-9e38-0e381b3b3deb",
   "metadata": {},
   "outputs": [],
   "source": [
    "config = load_config_file('client/feature_store.yaml')\n",
    "update_config_with_auth(config, is_client=True)\n",
    "update_config_file('client/feature_store.yaml')"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 17,
   "id": "267a72e4-443a-4b08-bd59-84d475a29e2a",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "auth:\n",
      "  auth_discovery_url: http://0.0.0.0:9999/realms/rbac_example/.well-known/openid-configuration\n",
      "  client_id: app\n",
      "  client_secret: REDACTED\n",
      "  password: password\n",
      "  type: oidc\n",
      "  username: ''\n",
      "entity_key_serialization_version: 2\n",
      "offline_store:\n",
      "  host: localhost\n",
      "  port: 8815\n",
      "  type: remote\n",
      "online_store:\n",
      "  path: http://localhost:6566\n",
      "  type: remote\n",
      "project: rbac\n",
      "registry:\n",
      "  path: localhost:6570\n",
      "  registry_type: remote\n"
     ]
    }
   ],
   "source": [
    "!cat client/feature_store.yaml"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "f71f5189-4423-4720-bbd2-fcb9b778a26b",
   "metadata": {},
   "source": [
    "### Apply the configuration"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 18,
   "id": "e0c24e05-6e38-4ff1-9c39-73818fe41f18",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Applying changes for project rbac\n",
      "/Users/dmartino/projects/AI/feast/feast/sdk/python/feast/feature_store.py:562: RuntimeWarning: On demand feature view is an experimental feature. This API is stable, but the functionality does not scale well for offline retrieval\n",
      "  warnings.warn(\n",
      "Created project \u001b[1m\u001b[32mrbac\u001b[0m\n",
      "Created entity \u001b[1m\u001b[32mdriver\u001b[0m\n",
      "Created feature view \u001b[1m\u001b[32mdriver_hourly_stats\u001b[0m\n",
      "Created feature view \u001b[1m\u001b[32mdriver_hourly_stats_fresh\u001b[0m\n",
      "Created on demand feature view \u001b[1m\u001b[32mtransformed_conv_rate_fresh\u001b[0m\n",
      "Created on demand feature view \u001b[1m\u001b[32mtransformed_conv_rate\u001b[0m\n",
      "Created feature service \u001b[1m\u001b[32mdriver_activity_v1\u001b[0m\n",
      "Created feature service \u001b[1m\u001b[32mdriver_activity_v3\u001b[0m\n",
      "Created feature service \u001b[1m\u001b[32mdriver_activity_v2\u001b[0m\n",
      "\n",
      "Created sqlite table \u001b[1m\u001b[32mrbac_driver_hourly_stats_fresh\u001b[0m\n",
      "Created sqlite table \u001b[1m\u001b[32mrbac_driver_hourly_stats\u001b[0m\n",
      "\n"
     ]
    }
   ],
   "source": [
    "!feast -c rbac/feature_repo apply"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "69b9857a-e32b-47ed-a120-57919ecb6b5d",
   "metadata": {},
   "source": [
    "### Validate permissions"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "867f565d-9740-4790-8d11-31001d920358",
   "metadata": {},
   "source": [
    "There are no permissions after applying the example:"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 19,
   "id": "004f16bf-d125-4aec-b683-3e9653815a27",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "NAME    TYPES    NAME_PATTERN    ACTIONS    ROLES    REQUIRED_TAGS\n"
     ]
    }
   ],
   "source": [
    "!feast -c rbac/feature_repo permissions list"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "f2276488-39ec-4ae8-bb69-08dce7ad1bd4",
   "metadata": {},
   "source": [
    "The `permissions check` command identifies the resources that have no permissions matching their type, name or tags."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 20,
   "id": "9fdd2660-c0f5-4dc9-a2da-d45751dcfa01",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "\u001b[1m\u001b[31mThe following resources are not secured by any permission configuration:\u001b[0m\n",
      "NAME                         TYPE\n",
      "driver                       Entity\n",
      "driver_hourly_stats          FeatureView\n",
      "driver_hourly_stats_fresh    FeatureView\n",
      "transformed_conv_rate_fresh  OnDemandFeatureView\n",
      "transformed_conv_rate        OnDemandFeatureView\n",
      "driver_activity_v1           FeatureService\n",
      "driver_activity_v3           FeatureService\n",
      "driver_activity_v2           FeatureService\n",
      "vals_to_add                  RequestSource\n",
      "driver_stats_push_source     PushSource\n",
      "driver_hourly_stats_source   FileSource\n",
      "\u001b[1m\u001b[31mThe following actions are not secured by any permission configuration (Note: this might not be a security concern, depending on the used APIs):\u001b[0m\n",
      "NAME                         TYPE                 UNSECURED ACTIONS\n",
      "driver                       Entity               CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "driver_hourly_stats          FeatureView          CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "driver_hourly_stats_fresh    FeatureView          CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "transformed_conv_rate_fresh  OnDemandFeatureView  CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "transformed_conv_rate        OnDemandFeatureView  CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "driver_activity_v1           FeatureService       CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "driver_activity_v3           FeatureService       CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "driver_activity_v2           FeatureService       CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "vals_to_add                  RequestSource        CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "driver_stats_push_source     PushSource           CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n",
      "driver_hourly_stats_source   FileSource           CREATE\n",
      "                                                  DESCRIBE\n",
      "                                                  UPDATE\n",
      "                                                  DELETE\n",
      "                                                  READ_ONLINE\n",
      "                                                  READ_OFFLINE\n",
      "                                                  WRITE_ONLINE\n",
      "                                                  WRITE_OFFLINE\n"
     ]
    }
   ],
   "source": [
    "!feast -c rbac/feature_repo permissions check"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "eb65649d-7ba7-494f-9e01-772842304ca1",
   "metadata": {},
   "source": [
    "### Applying permissions\n",
    "Let's create some Permissions to cover basic scenarios.\n",
    "\n",
    "First a simple permission to read the status of all the objects."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 22,
   "id": "3e910c5d-2f27-4f19-b324-c00347133da7",
   "metadata": {},
   "outputs": [],
   "source": [
    "from feast import FeatureStore\n",
    "from feast.feast_object import ALL_RESOURCE_TYPES\n",
    "from feast.permissions.action import CRUD, AuthzedAction, ALL_ACTIONS\n",
    "from feast.permissions.permission import Permission\n",
    "from feast.permissions.policy import RoleBasedPolicy"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 23,
   "id": "9e85bb35-cf12-4860-90d6-d1cd4830049c",
   "metadata": {},
   "outputs": [],
   "source": [
    "store = FeatureStore(\"rbac/feature_repo\")"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 24,
   "id": "87cc7c4f-48af-4158-adee-b1ccd8a72ea7",
   "metadata": {},
   "outputs": [],
   "source": [
    "read_permission = Permission(\n",
    "    name=\"read_permission\",\n",
    "    types=ALL_RESOURCE_TYPES,\n",
    "    policy=RoleBasedPolicy(roles=[\"reader\"]),\n",
    "    actions=AuthzedAction.DESCRIBE\n",
    ")\n",
    "store.registry.apply_permission(read_permission, store.project)"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "e1dcb0d3-21e3-44b7-9ad5-c6b2b1e45b33",
   "metadata": {},
   "source": [
    "Now a specific permission to write online data (e.g. `materialize`) to the `FeatureView`s whose name ends with `_fresh`."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 25,
   "id": "1c2fecdd-056e-4462-b1ad-eec123e282dd",
   "metadata": {},
   "outputs": [],
   "source": [
    "from feast.feature_view import FeatureView\n",
    "write_fresh_permission = Permission(\n",
    "    name=\"write_fresh_permission\",\n",
    "    types=FeatureView,\n",
    "    name_patterns=\".*_fresh\",\n",
    "    policy=RoleBasedPolicy(roles=[\"fresh_writer\"]),\n",
    "    actions=AuthzedAction.WRITE_ONLINE\n",
    ")\n",
    "store.registry.apply_permission(write_fresh_permission, store.project)"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "71edd0ea-67b5-4845-b8ae-602ed3883bb7",
   "metadata": {},
   "source": [
    "Another one to allow access to OFFLINE functions."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 26,
   "id": "c74e677c-3959-4963-b683-a5289c8238c9",
   "metadata": {},
   "outputs": [],
   "source": [
    "from feast.feature_view import FeatureView\n",
    "from feast.feature_service import FeatureService\n",
    "from feast.on_demand_feature_view import OnDemandFeatureView\n",
    "offline_permission = Permission(\n",
    "    name=\"offline_permission\",\n",
    "    types=[FeatureView, OnDemandFeatureView, FeatureService],\n",
    "    policy=RoleBasedPolicy(roles=[\"batch_admin\"]),\n",
    "    actions= CRUD + [AuthzedAction.WRITE_OFFLINE, AuthzedAction.READ_OFFLINE]\n",
    ")\n",
    "store.registry.apply_permission(offline_permission, store.project)"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "3edc08f5-40e1-488a-b749-9b1f5fc31061",
   "metadata": {},
   "source": [
    "Finally, an `admin` permission to manage all the resources."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 27,
   "id": "739a26ee-e08e-461a-9f75-59158328fc90",
   "metadata": {},
   "outputs": [],
   "source": [
    "admin_permission = Permission(\n",
    "    name=\"admin_permission\",\n",
    "    types=ALL_RESOURCE_TYPES,\n",
    "    policy=RoleBasedPolicy(roles=[\"store_admin\"]),\n",
    "    actions=ALL_ACTIONS\n",
    ")\n",
    "store.registry.apply_permission(admin_permission, store.project)"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "916c9399-866e-4796-9858-a890ceb29e48",
   "metadata": {},
   "source": [
    "## Validate registered permissions"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "aed869b3-c567-428f-8a69-9c322b62f7c6",
   "metadata": {},
   "source": [
    "List all the permissions."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 28,
   "id": "cd284369-1cef-4cf6-859f-ea79d1450ed2",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "NAME                    TYPES                NAME_PATTERN    ACTIONS        ROLES         REQUIRED_TAGS\n",
      "read_permission         Project                              DESCRIBE       reader        -\n",
      "                        FeatureView\n",
      "                        OnDemandFeatureView\n",
      "                        BatchFeatureView\n",
      "                        StreamFeatureView\n",
      "                        Entity\n",
      "                        FeatureService\n",
      "                        DataSource\n",
      "                        ValidationReference\n",
      "                        SavedDataset\n",
      "                        Permission\n",
      "write_fresh_permission  FeatureView          .*_fresh        WRITE_ONLINE   fresh_writer  -\n",
      "offline_permission      FeatureView                          CREATE         batch_admin   -\n",
      "                        OnDemandFeatureView                  DESCRIBE\n",
      "                        FeatureService                       UPDATE\n",
      "                                                             DELETE\n",
      "                                                             WRITE_OFFLINE\n",
      "                                                             READ_OFFLINE\n",
      "admin_permission        Project                              CREATE         store_admin   -\n",
      "                        FeatureView                          DESCRIBE\n",
      "                        OnDemandFeatureView                  UPDATE\n",
      "                        BatchFeatureView                     DELETE\n",
      "                        StreamFeatureView                    READ_ONLINE\n",
      "                        Entity                               READ_OFFLINE\n",
      "                        FeatureService                       WRITE_ONLINE\n",
      "                        DataSource                           WRITE_OFFLINE\n",
      "                        ValidationReference\n",
      "                        SavedDataset\n",
      "                        Permission\n"
     ]
    }
   ],
   "source": [
    "!feast -c rbac/feature_repo permissions list"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "be3873ee-2514-4aec-8fe8-8b54a3602651",
   "metadata": {},
   "source": [
    "List all the resources matching each configured permission."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 29,
   "id": "419df226-36df-4d19-be0d-ba82813fef80",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "\n",
      "\u001b[1m\u001b[32mThe structure of the \u001b[1m\u001b[37mfeast-permissions list --verbose \u001b[1m\u001b[32mcommand will be as in the following example:\n",
      "\n",
      "\u001b[2mFor example: \u001b[0m\u001b[1m\u001b[32m\n",
      "\n",
      "permissions\n",
      "├── permission_1 ['role names list']\n",
      "│   ├── FeatureView: ['feature view names']\n",
      "│   ├── FeatureService: none\n",
      "│   └── ..\n",
      "├── permission_2 ['role names list']\n",
      "└── ..\n",
      "\n",
      "-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\u001b[0m\n",
      "            \n",
      "Permissions:\n",
      "\n",
      "permissions\n",
      "├── read_permission ['reader']\n",
      "│   ├── FeatureView ['driver_hourly_stats_fresh', 'transformed_conv_rate_fresh', 'transformed_conv_rate', 'driver_hourly_stats']\n",
      "│   ├── OnDemandFeatureView ['transformed_conv_rate_fresh', 'transformed_conv_rate']\n",
      "│   ├── BatchFeatureView ['driver_hourly_stats_fresh', 'driver_hourly_stats']\n",
      "│   ├── StreamFeatureView: none\n",
      "│   ├── Entity: ['driver']\n",
      "│   ├── FeatureService: ['driver_activity_v3', 'driver_activity_v2', 'driver_activity_v1']\n",
      "│   ├── DataSource: ['driver_stats_push_source', 'driver_hourly_stats_source', 'vals_to_add']\n",
      "│   ├── ValidationReference: none\n",
      "│   └── SavedDataset: none\n",
      "├── write_fresh_permission ['fresh_writer']\n",
      "│   └── FeatureView ['driver_hourly_stats_fresh']\n",
      "├── offline_permission ['batch_admin']\n",
      "│   ├── FeatureView ['driver_hourly_stats_fresh', 'transformed_conv_rate_fresh', 'transformed_conv_rate', 'driver_hourly_stats']\n",
      "│   ├── OnDemandFeatureView ['transformed_conv_rate_fresh', 'transformed_conv_rate']\n",
      "│   └── FeatureService: ['driver_activity_v3', 'driver_activity_v2', 'driver_activity_v1']\n",
      "└── admin_permission ['store_admin']\n",
      "    ├── FeatureView ['driver_hourly_stats_fresh', 'transformed_conv_rate_fresh', 'transformed_conv_rate', 'driver_hourly_stats']\n",
      "    ├── OnDemandFeatureView ['transformed_conv_rate_fresh', 'transformed_conv_rate']\n",
      "    ├── BatchFeatureView ['driver_hourly_stats_fresh', 'driver_hourly_stats']\n",
      "    ├── StreamFeatureView: none\n",
      "    ├── Entity: ['driver']\n",
      "    ├── FeatureService: ['driver_activity_v3', 'driver_activity_v2', 'driver_activity_v1']\n",
      "    ├── DataSource: ['driver_stats_push_source', 'driver_hourly_stats_source', 'vals_to_add']\n",
      "    ├── ValidationReference: none\n",
      "    └── SavedDataset: none\n"
     ]
    }
   ],
   "source": [
    "!feast -c rbac/feature_repo permissions list -v"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "90319f10-abce-4a18-9891-7428c8781187",
   "metadata": {},
   "source": [
    "Describe one of the permissions."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 30,
   "id": "cec436ce-5d1c-455e-a6d7-80f84380e83a",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "spec:\n",
      "  name: admin_permission\n",
      "  types:\n",
      "  - PROJECT\n",
      "  - FEATURE_VIEW\n",
      "  - ON_DEMAND_FEATURE_VIEW\n",
      "  - BATCH_FEATURE_VIEW\n",
      "  - STREAM_FEATURE_VIEW\n",
      "  - ENTITY\n",
      "  - FEATURE_SERVICE\n",
      "  - DATA_SOURCE\n",
      "  - VALIDATION_REFERENCE\n",
      "  - SAVED_DATASET\n",
      "  - PERMISSION\n",
      "  actions:\n",
      "  - CREATE\n",
      "  - DESCRIBE\n",
      "  - UPDATE\n",
      "  - DELETE\n",
      "  - READ_ONLINE\n",
      "  - READ_OFFLINE\n",
      "  - WRITE_ONLINE\n",
      "  - WRITE_OFFLINE\n",
      "  policy:\n",
      "    roleBasedPolicy:\n",
      "      roles:\n",
      "      - store_admin\n",
      "meta:\n",
      "  createdTimestamp: '2024-09-09T06:41:28.335684Z'\n",
      "  lastUpdatedTimestamp: '2024-09-09T06:41:28.335684Z'\n",
      "\n"
     ]
    }
   ],
   "source": [
    "!feast -c rbac/feature_repo permissions describe admin_permission"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "a267a3bb-9861-43eb-9f7b-33f5d5a23e81",
   "metadata": {},
   "source": [
    "List the roles specified by these permissions."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 31,
   "id": "b6a3f4a6-e3ab-4aaa-9a15-69ea63246b45",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "+--------------+\n",
      "| ROLE NAME    |\n",
      "+==============+\n",
      "| batch_admin  |\n",
      "+--------------+\n",
      "| fresh_writer |\n",
      "+--------------+\n",
      "| reader       |\n",
      "+--------------+\n",
      "| store_admin  |\n",
      "+--------------+\n"
     ]
    }
   ],
   "source": [
    "!feast -c rbac/feature_repo permissions list-roles"
   ]
  },
  {
   "cell_type": "markdown",
   "id": "0dbb31d3-edc9-4146-a46c-146d7f59532a",
   "metadata": {},
   "source": [
    "For each configured role, list all the resources and operations that are allowed to a user who holds this role."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 32,
   "id": "45832f21-43c6-4784-ba88-1e65fa8479b5",
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "ROLE NAME     RESOURCE NAME                RESOURCE TYPE        PERMITTED ACTIONS\n",
      "batch_admin   driver                       Entity               -\n",
      "batch_admin   driver_hourly_stats          FeatureView          CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "batch_admin   driver_hourly_stats_fresh    FeatureView          CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "batch_admin   transformed_conv_rate_fresh  OnDemandFeatureView  CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "batch_admin   transformed_conv_rate        OnDemandFeatureView  CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "batch_admin   driver_activity_v1           FeatureService       CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "batch_admin   driver_activity_v3           FeatureService       CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "batch_admin   driver_activity_v2           FeatureService       CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "batch_admin   vals_to_add                  RequestSource        -\n",
      "batch_admin   driver_stats_push_source     PushSource           -\n",
      "batch_admin   driver_hourly_stats_source   FileSource           -\n",
      "batch_admin   read_permission              Permission           -\n",
      "batch_admin   write_fresh_permission       Permission           -\n",
      "batch_admin   offline_permission           Permission           -\n",
      "batch_admin   admin_permission             Permission           -\n",
      "fresh_writer  driver                       Entity               -\n",
      "fresh_writer  driver_hourly_stats          FeatureView          -\n",
      "fresh_writer  driver_hourly_stats_fresh    FeatureView          WRITE_ONLINE\n",
      "fresh_writer  transformed_conv_rate_fresh  OnDemandFeatureView  -\n",
      "fresh_writer  transformed_conv_rate        OnDemandFeatureView  -\n",
      "fresh_writer  driver_activity_v1           FeatureService       -\n",
      "fresh_writer  driver_activity_v3           FeatureService       -\n",
      "fresh_writer  driver_activity_v2           FeatureService       -\n",
      "fresh_writer  vals_to_add                  RequestSource        -\n",
      "fresh_writer  driver_stats_push_source     PushSource           -\n",
      "fresh_writer  driver_hourly_stats_source   FileSource           -\n",
      "fresh_writer  read_permission              Permission           -\n",
      "fresh_writer  write_fresh_permission       Permission           -\n",
      "fresh_writer  offline_permission           Permission           -\n",
      "fresh_writer  admin_permission             Permission           -\n",
      "reader        driver                       Entity               DESCRIBE\n",
      "reader        driver_hourly_stats          FeatureView          DESCRIBE\n",
      "reader        driver_hourly_stats_fresh    FeatureView          DESCRIBE\n",
      "reader        transformed_conv_rate_fresh  OnDemandFeatureView  DESCRIBE\n",
      "reader        transformed_conv_rate        OnDemandFeatureView  DESCRIBE\n",
      "reader        driver_activity_v1           FeatureService       DESCRIBE\n",
      "reader        driver_activity_v3           FeatureService       DESCRIBE\n",
      "reader        driver_activity_v2           FeatureService       DESCRIBE\n",
      "reader        vals_to_add                  RequestSource        DESCRIBE\n",
      "reader        driver_stats_push_source     PushSource           DESCRIBE\n",
      "reader        driver_hourly_stats_source   FileSource           DESCRIBE\n",
      "reader        read_permission              Permission           DESCRIBE\n",
      "reader        write_fresh_permission       Permission           DESCRIBE\n",
      "reader        offline_permission           Permission           DESCRIBE\n",
      "reader        admin_permission             Permission           DESCRIBE\n",
      "store_admin   driver                       Entity               CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   driver_hourly_stats          FeatureView          CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   driver_hourly_stats_fresh    FeatureView          CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   transformed_conv_rate_fresh  OnDemandFeatureView  CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   transformed_conv_rate        OnDemandFeatureView  CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   driver_activity_v1           FeatureService       CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   driver_activity_v3           FeatureService       CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   driver_activity_v2           FeatureService       CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   vals_to_add                  RequestSource        CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   driver_stats_push_source     PushSource           CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   driver_hourly_stats_source   FileSource           CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   read_permission              Permission           CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   write_fresh_permission       Permission           CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   offline_permission           Permission           CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n",
      "store_admin   admin_permission             Permission           CREATE\n",
      "                                                                DESCRIBE\n",
      "                                                                UPDATE\n",
      "                                                                DELETE\n",
      "                                                                READ_ONLINE\n",
      "                                                                READ_OFFLINE\n",
      "                                                                WRITE_ONLINE\n",
      "                                                                WRITE_OFFLINE\n"
     ]
    }
   ],
   "source": [
    "# Audit step: print the role-to-resource permission matrix from the registry (-v for the verbose listing).\n",
    "# In the recorded output a '-' in the last column appears to mean the role is granted no action on that\n",
    "# resource (confirm against the Feast CLI docs). Compare the matrix with the intended least-privilege\n",
    "# design; note that store_admin holds every action on every resource, including the Permission objects.\n",
    "!feast -c rbac/feature_repo permissions list-roles -v"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": null,
   "id": "c7960d2c-e43f-46b4-8cb3-5c6fc9dbaba8",
   "metadata": {},
   "outputs": [],
   "source": []
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "Python 3 (ipykernel)",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.11.9"
  }
 },
 "nbformat": 4,
 "nbformat_minor": 5
}
